External Exposures caused 82% Of All Q1 Cyber Attacks – Expert Comments

By ISBuzz Team
Writer, Information Security Buzz | Jul 01, 2022 05:44 am PST

According to a new report from Tetra Defense, the Root Point of Compromise (RPOC) for attacks against U.S. companies was external exposure. Patchable and preventable external vulnerabilities were found to be responsible for the bulk of all attacks.

  • 82% of incidents responded to by Tetra Defense were caused by the external exposure of a known vulnerability on the victim’s network
  • Incidents caused by unpatched systems cost organizations 54% more than those caused by employee error
  • Log4J/Log4Shell is still being actively exploited, but the significant global attention to the vulnerability has prevented ongoing widespread exploitation
  • Compromised credentials still account for a number of incidents, underscoring the need for more organizations to adopt multi-factor authentication (MFA) and implement dark web monitoring

“This cost discrepancy highlights the complexity of recovery from external vulnerability incidents and how failing to patch in a timely manner can be a contributor to a higher financial cost to an organization.”

James Stahl, Senior Adversarial Emulation Consultant
July 1, 2022 1:54 pm

Threat actors' use of widespread automated discovery tools and exploitation of known vulnerabilities nearly guarantees that vulnerable, exposed services will be found and therefore likely exploited at a speed that has never been faster. Because of that, from a security defender's perspective, it becomes a race against the clock: not if the vulnerabilities will be exploited, but when the access and information gained through exploitation will be used.

Therefore, here are a few tips for mitigating external risk:

  • Your adversaries are already doing this, so be sure to audit your external exposure and attack surface for vulnerabilities continually and ensure that only what is necessary is exposed
  • Automated scanning, robust patch management, and a secure CI/CD pipeline are the minimum requirements for externally exposed services
  • Turn up the detection and prevention mechanisms around initial privilege escalation and lateral movement techniques. In the spirit of layering defenses, if a major vulnerability goes unchecked, protecting for the next steps in the attacker kill chain becomes key

Additionally, because so many breaches begin with social engineering/password guessing/etc., it is critical to enforce effective MFA across all external access points and accounts. This will stop the majority of major external incidents before they start.

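The first two tips above (continually audit what is exposed, and keep exposed services patched) can be turned into a simple recurring check. The following is an added example written for this page, not code from the commenter, Tetra Defense or Information Security Buzz; the hosts, service names, versions and the scan inventory are constructed sample data, and the baseline and patch-floor tables stand in for whatever an organization's asset and vulnerability records hold.

```python
# Added example: compare an external scan inventory against an approved
# exposure baseline and a minimum-patched-version table, reporting anything
# unexpected, out of date, or missing. All values below are constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str
    reason: str

# Approved exposure baseline: (host, port) -> service expected there (constructed).
APPROVED: Dict[Tuple[str, int], str] = {
    ("203.0.113.10", 443): "web-frontend",
    ("203.0.113.11", 443): "api-gateway",
}

# Minimum patched release per service (constructed values).
MIN_PATCHED: Dict[str, Tuple[int, ...]] = {"web-frontend": (2, 4, 1), "api-gateway": (1, 9, 0)}

def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))

def audit(observed: List[Dict]) -> List[Finding]:
    """observed: rows of {host, port, service, version} from an external scan."""
    findings: List[Finding] = []
    seen = set()
    for svc in observed:
        key = (svc["host"], svc["port"])
        seen.add(key)
        if key not in APPROVED:  # exposure nobody approved
            findings.append(Finding(*key, svc["service"], "not in approved exposure baseline"))
        floor = MIN_PATCHED.get(svc["service"])
        if floor and parse_version(svc["version"]) < floor:  # known-vulnerable release
            wanted = ".".join(map(str, floor))
            findings.append(Finding(*key, svc["service"], f"version {svc['version']} below patched floor {wanted}"))
    for key, service in APPROVED.items():
        if key not in seen:  # inventory drift: baseline no longer matches reality
            findings.append(Finding(*key, service, "approved service not observed (inventory drift)"))
    return findings

SAMPLE_SCAN = [  # constructed scan output
    {"host": "203.0.113.10", "port": 443, "service": "web-frontend", "version": "2.4.1"},
    {"host": "203.0.113.11", "port": 443, "service": "api-gateway", "version": "1.8.2"},
    {"host": "203.0.113.12", "port": 3389, "service": "rdp", "version": "10.0"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        print(f"{f.host}:{f.port} {f.service}: {f.reason}")
```

Run on a schedule and diffed against the previous run, the findings list is the "continual" audit the comment asks for, with unapproved exposure and stale versions surfacing as soon as they appear.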
